There is currently no JavaScript client-side component to Shiro, although this has been discussed on more than a few occasions (e.g. a JavaScript mechanism, ActionScript for Flex, etc).
The 'poor man's solution' for this is to have a SecurityService exposed to the client tier that acts as a simple passthrough to Shiro's Subject.* calls. As long as the session id cookie accompanies the request, Shiro's AbstractShiroFilter implementations (e.g. IniShiroFilter) will automatically associate the inbound request with the corresponding Subject to ensure the SecurityService works as expected. This solution aside, one of my desires is to see the community contribute client-side libraries to pair with Shiro's server-side support - JavaScript, ActionScript, C#, etc. Hopefully someone will dig in to this! In the meantime, the SecurityService 'wrapper' has served me well enough in the past, even if it isn't the ideal. HTH, Les On Mon, Aug 23, 2010 at 12:27 PM, Mike K <[email protected]> wrote: > > I am thinking of using similar functionality to give some hints to an AJAX > web client about the users permission state (incomplete information like > login status and admin permissions). Current thought is to use a cookie or > to find/implement a cookie-based session. > I guess what I am saying is that I am interested in this as well. > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Permission-checking-on-client-side-tp5450587p5453883.html > Sent from the Shiro User mailing list archive at Nabble.com. >
